Slashdot Mirror
How Security Experts Are Protecting Their Own Data (siliconvalley.com)
Today the San Jose Mercury News asked several prominent security experts which security products they were actually using for their own data. An anonymous Slashdot reader writes:
The EFF's chief technologist revealed that he doesn't run an anti-virus program, partly because he's using Linux, and partly because he feels anti-virus software creates a false sense of security. ("I don't like to get complacent and rely on it in any way...") He does regularly encrypt his e-mail, "but he doesn't recommend that average users scramble their email, because he thinks the encryption software is just too difficult to use."
The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."
Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
The newspaper also interviewed security expert Eugene Spafford, who rarely updates the operating system on one of his computers -- because it's not connected to the internet -- and sometimes even accesses his files with a virtual machine, which he then deletes when he's done. His home router is equipped with a firewall device, and "he's developed some tools in his research center that he uses to try to detect security problems," according to the article. "There are some additional things I do," Spafford added, telling the reporter that "I'm not going to give details of all of them, because that doesn't help me."
Bruce Schneier had a similar answer. When the reporter asked how he protected his data, Schneier wouldn't tell them, adding "I'm kind of a target..."
By virtue of the fact that he has even mentioned that using Linux is part of his reason to not run antivirus software, wouldn't the fact that he is using Linux be considered to be lulling him into exactly the same sort of false sense of security that he is accusing antivirus software of creating?
File under 'M' for 'Manic ranting'
> If you spend your time avoiding visiting unsavoury websites and have the knowledge not to downloading/open questionable files
The number 1 source of infections is compromised ads on mainstream sites like Slashdot. Avoiding "unsavoury websites" isn't protecting you. Noscript and an ad blocker would provide much more protection, along with automated offsite backups in a pull configuration (your computer must not be able to delete/overwrite the backups, for ransomware protection).
Same here. I hate AV software with a passion bcause it slows your computer to a crawl, gives a false sense of security and once it's on your computer it takes a complete reinstall of the OS to get it off again. The best AV practices are:
Never use MS software to browse the internet and read email
Use an ad blocker
Never even read email from unknown sources, let alone open attachments from there.
MAKE BACKUPS of your files.
-- Cheers!